<?php
/**
 * PHP Daycare
 * This file allows the uploading of images for adults and children
 * @author Jason Butz
 * @version 0.0
 * @package PHPDaycare
 */
include_once('config.php');
include_once('functions.php');

// Resume the visitor's session before any markup is sent. The admin check
// further down presumably reads login state from it; loggedInAsAdmin() is
// defined outside this file — confirm.
session_start();
?>
<html>
<head>
<title>Image Upload</title>
</head>
<body>
<?php
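// Our user must be logged in & an admin to view things
// NOTE(review): the upload form below carries no anti-CSRF token, so the
// state-changing POST relies on the session alone. Add a per-session token
// check once the session helpers (defined outside this file) are reviewed.
if(loggedInAsAdmin() == 1)
{
	// "id" and "t" both end up inside SQL text and HTML attributes, so they are
	// validated against a strict format before anything else uses them.
	if(!isset($_GET['id']))
	{
		echo "<p>Error: No ID was set.</p>";
	}
	elseif(!is_string($_GET['id']) || !preg_match('/\A[0-9]+\z/', $_GET['id']))
	{
		// Digits only: the value is interpolated unquoted into "WHERE ID = ..."
		echo "<p>Error: ID is not valid.</p>";
	}
	elseif(!isset($_GET['t']))
	{
		// We also need to know if this is an adult or a child
		echo "<p>Error: Type was not set.</p>";
	}
	elseif($_GET['t'] !== 'a' && $_GET['t'] !== 'c')
	{
		// Any other value used to leave $tbl undefined and produced broken SQL
		echo "<p>Error: Type is not valid.</p>";
	}
	else
	{
		// We are good to go! From here on $id is a digit string and $t is 'a' or 'c'.
		$t   = $_GET['t'];
		$tbl = ($t === 'a') ? "adults" : "child";
		$id  = $_GET['id'];
		if(!isset($_POST['u']))
		{
			$sql = "SELECT name FROM $tbl WHERE ID = $id";
			$r   = $db->query($sql);
			$row = $r ? mysql_fetch_row($r) : FALSE;
			if(!$row)
			{
				echo "<p>Error: No record was found for that ID.</p>";
			}
			else
			{
				// The name comes from the database and is escaped for HTML output
				echo "<p>Upload a new picture for <i>".htmlspecialchars((string)$row[0], ENT_QUOTES)."</i></p>";
				echo "<form name='uploadphoto' action='imgupload.php?id=$id&t=$t' method='post' enctype='multipart/form-data'>";
				$viewer = ($tbl == 'adults') ? 'aimg.php' : 'cimg.php';
				echo "<p><b>Current Photo:</b><br /><img src='$viewer?id=$id'></p>";
				echo "<p><b>New Photo:</b><br /><input type='file' name='aphoto' size='30' tabindex='1'></p>
					<input type='hidden' name='id' value='$id'/>
					<input type='hidden' name='t' value='$t'/>
					<input type='hidden' name='u' value='true'>
					<p><input type='submit' tabindex='2' value='Upload Photo'/></p></form>";
			}
		}
		else
		{
			// A POST without the file field is treated as an empty upload
			$img = isset($_FILES['aphoto']) ? $_FILES['aphoto'] : array('size' => 0, 'type' => '');
			// "type" is supplied by the browser, so it is escaped before being echoed
			$declared = (isset($img['type']) && is_string($img['type'])) ? $img['type'] : '';
			echo "<p>'";
			echo htmlspecialchars($declared, ENT_QUOTES);
			echo "'</p>";
			if(isImg($img))
			{
				$content = todatabase($img);
				if($content === FALSE)
				{
					// Reading the upload failed; do not overwrite the stored photo with nothing
					echo "<p>An unspecified error occured and the image was not uploaded</p>";
				}
				else
				{
					// NOTE(review): addslashes() is not connection- or charset-aware. The
					// database layer's own escaping or a prepared statement is the right
					// tool here, but $db's API is defined outside this file.
					$sql = "UPDATE $tbl SET photo=\"".addslashes($content)."\" WHERE ID = $id";
					$r = $db->query($sql);
					if($r)
					{
						echo "<p>The image was uploaded successfully.</p>";
					}
					else
					{
						echo "<p>An unspecified error occured and the image was not uploaded</p>";
					}
				}
			}
			else
			{
				echo "<p>Error: Only jpeg/jpg images may be uploaded</p>";
			}
		}
	}
}
else
{
	die("Error: You must be logged in as an administrator to use this function");
}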
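/**
 * Decide whether an upload entry is an acceptable JPEG.
 *
 * The entry must report no upload error, be between 1 byte and 5MB, declare a
 * JPEG MIME type, and the temporary file must start with the JPEG signature.
 * The signature check is there because "type" is sent by the browser and says
 * nothing reliable about the bytes that were actually received.
 *
 * This is a signature check only, not a full decode. Whatever serves the stored
 * bytes should still send a fixed image content type.
 *
 * @param array $file One $_FILES entry; reads "size", "type", "tmp_name" and, when present, "error"
 * @return bool TRUE when every check passes, FALSE otherwise
 */
function isImg($file)
{
	// Anything that is not a complete single-file entry is rejected outright
	if(!is_array($file) || !isset($file["size"], $file["type"], $file["tmp_name"]))
	{
		return FALSE;
	}
	if(!is_string($file["type"]) || !is_string($file["tmp_name"]))
	{
		return FALSE;
	}
	// PHP reports a failed or partial upload through "error"
	if(isset($file["error"]) && $file["error"] !== UPLOAD_ERR_OK)
	{
		return FALSE;
	}
	// First, do we have a file, and is it within the 5MB limit?
	if($file["size"] <= 0 || $file["size"] > 5242880)
	{
		return FALSE;
	}
	// Is it declared as an image? (jpg, jpeg only; pjpeg is what older IE sends)
	if($file["type"] != "image/jpeg" && $file["type"] != "image/pjpeg")
	{
		return FALSE;
	}
	// Do the first bytes on disk match the JPEG start-of-image marker?
	if(!is_file($file["tmp_name"]))
	{
		return FALSE;
	}
	$signature = file_get_contents($file["tmp_name"], false, null, 0, 3);
	return $signature === "\xFF\xD8\xFF";
}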
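/**
 * Read the raw bytes of an accepted upload so they can be stored.
 *
 * @param array $img One $_FILES entry; it is re-checked with isImg() before being read
 * @return string|false The file contents, or FALSE when the entry is rejected or cannot be read
 */
function todatabase($img)
{
	if(!isImg($img) || !isset($img['tmp_name']) || !is_string($img['tmp_name']))
	{
		return FALSE;
	}
	// Only read a path that PHP itself created for this request's upload,
	// never an arbitrary path that happens to be in the array.
	if(!is_uploaded_file($img['tmp_name']))
	{
		return FALSE;
	}
	// file_get_contents() is binary-safe and reports failure with FALSE, where
	// the earlier fopen()/fread() pair ran on unchecked handles.
	$content = file_get_contents($img['tmp_name']);
	if($content === FALSE || $content === '')
	{
		return FALSE;
	}
	return $content;
}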
?>
</body>
</html>
